Think You Have Cybersecurity Taken Care Of? Think Again

If you learned that homes with your same model of alarm system were being broken into 32 percent more often this year than last, you might no longer think your system is secure enough. Yet many companies assume their IT infrastructure is still secure, despite the fact that cyberattacks jumped 32 percent between the first quarters of 2017 and 2018, according to a Positive Technologies report.

These days, companies of all sizes and in all industries rely on data and technology, which means cybersecurity must be taken seriously. Unlike home break-ins, cyberattacks are becoming more than just a possibility — they’re becoming nearly inevitable for every type of company.

Some entrepreneurs realize their security measures aren’t top-notch, but they don’t consider their companies targets because they don’t move billions of dollars each year. However, hackers aren’t just after money. According to the PT report, 63 percent of those attacks specifically targeted data and credentials.

These numbers highlight why companies need up-to-date cybersecurity measures to effectively prevent, detect, respond to, and recover from cyberattacks. PT’s cyberthreat report goes on to explain why you may want to think twice — even if you believe your company’s cybersecurity is taken care of.

1. Financial institutions aren’t as secure as you think.

The range of cyberattacks in 2017 was more varied than ever before, but banking and financial institutions still bore the brunt of the attacks. In another report, Kaspersky Lab highlighted just a few of the innovative ways hackers attacked such institutions. They included infecting ATMs with malware that could be easily bought on the darknet and stealing funds straight out of victims’ accounts in more than 10 international financial organizations.

When these organizations’ cybersecurity measures failed, the situation was often made worse by insurance companies refusing to reimburse the losses incurred. Thomas Bentz, an insurance attorney at Holland & Knight, says the sharp rise in financial attacks has led many institutions to purchase cyber insurance policies. If you go that route, read carefully: There’s so much variability that companies often don’t realize what is and isn’t covered until their claims are rejected in the aftermath of a cyberattack.

2. Every piece of data is valuable to hackers.

Almost every attack at banking and financial institutions is aimed at financial gain. Some are direct, such as the ATM and account hacks noted earlier, but others are more indirect. For instance, the PT report showed that malware attacks increased by 75 percent during the last year, collecting information such as account logins, answers to security questions, Social Security numbers, and more.

Companies outside the financial sector don’t usually house customer financial data in their systems, but if you utilize a web application, your customers have to build profiles with personal data. Jon Schram, CEO of technology support company The Purple Guys, warns that simply “having data stolen from you can hurt your company long after the breach has been resolved.” If you want to preserve customer loyalty, protect the data you collect.

3. Even smart employees get phished.

Phishing attacks have proven to be one of the most prolific ways for hackers to get malware into companies’ systems. Instead of trying to break through a system’s firewalls or directly hack the infrastructure, phishing attacks fool employees into unwittingly giving hackers access to enter the system unopposed. Once inside, they can steal credentials, change account details, or lock administrators out of the system and demand a ransom before releasing the data.

With every attack, phishing scams get increasingly intricate. A cybersecurity report by Barracuda noted more than 10,000 unique phishing attacks in June 2018 alone, and the most successful ones were impersonating well-known companies such as Netflix and Citibank. Even smart employees need to remain vigilant for details — like minor spelling errors in unsolicited emails — that could give away the scam.

4. Cybersecurity is an approach, not a single solution.

In response to these threats, Gartner predicts that companies worldwide will spend up to $96 billion on cybersecurity this year. Yet much of that spending will be in reaction to specific breaches rather than focused on implementing holistic, prevention-focused cybersecurity measures. This means many of those measures will still leave entrepreneurs' organizations vulnerable, especially ones that work with smaller, less secure companies.

Outsourcing and collaborating with other companies entails giving those companies access to your network. Ryan Dodd, founder of cyber risk assessment firm Cyberhedge, points out that “the lack of protection these smaller entities maintain heightens the overall risk carried by larger companies, especially as the pace of outsourcing increases.” Securing your network means securing each hub that other companies have access to, and that requires a more holistic approach to managing your cybersecurity efforts.

It’s common for companies to believe they’re safe from cyberattacks, but it isn’t always true. In 2017, the Online Trust Alliance tracked more than 159,000 cyber incidents. Those breaches cost companies up to $608 billion total, according to McAfee and the Center for Strategic and International Studies. This year, industries have the opportunity to stem the flood of attacks — which begins with acknowledging they may not be as secure as they thought.

Serenity Gibbons is the local lead for NAACP in Northern California with a mission to ensure economic equality of rights of all persons and to eliminate race-based discrimination.

Serenity Gibbons is a former assistant editor at The Wall Street Journal. The local unit lead for the NAACP in Northern California and a consultant helping to build diverse workforces, Serenity enjoys gathering insights from people who are creating better workplaces and mak...